On Sun, 2002-11-10 at 02:51, Ullrich Jans wrote:
> "vdongen" <vdongen@hetisw.nl> writes:
>
> > I wanted to know where the city I live in is:
> >
> > Googlism for: 's-gravenzande
> >
> > MYSQL Error in query:
> > INSERT INTO googlism (ism,alpha,date,type) VALUES ('\'s-
> > gravenzande', ''', now(), '3')
> > Error: You have an error in your SQL syntax. Check the manual that
> > corresponds to your MySQL server version for the right syntax to use
> > near '3')' at line 1
> >
> > nice :)
>
> Really nice.
>
> The problem here is, this is a potential security breach. I didn't
> look further into it, but I think this could be exploited rather
> trivially to execute shell code as the user the query runs under. From
> there an attacker could run some local exploit and gain root...

But that's just a query being sent to MySQL. The worst case I see is
sending arbitrary queries to MySQL (eg, deleting everything in the
database).

> This should be looked into by the webmaster of googlism (CC'ed) ASAP!

Agreed.

Alex.

--
PGP Public Key: http://aoi.dyndns.org/~alex/pgp-public-key
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS d- s:++ a18 C++(++++)>$ UL+++(++++) P--- L+++>++++ E---- W+(+++) N-
o-- K+ w--- !O M(+) V-- PS+++ PE-- Y+ PGP+(+++) t* 5-- X-- R tv b- DI
D+++ G e h! !r y
------END GEEK CODE BLOCK------
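
The failing INSERT quoted in the message above, reproduced next to a parameterized form, as an added example (not code from googlism or from anyone in this thread). It assumes the site built the query by string concatenation, escaping `ism` but not the one-character `alpha` value; SQLite stands in for MySQL, so quote doubling replaces the backslash escape and `datetime('now')` replaces `now()`, and the column types are guesses.

```python
import sqlite3


def open_db():
    db = sqlite3.connect(":memory:")
    # Column names come from the INSERT in the error message; types are assumed.
    db.execute("CREATE TABLE googlism (ism TEXT, alpha TEXT, date TEXT, type TEXT)")
    return db


def insert_concatenated(db, term):
    """Assumed reconstruction of the failing pattern: one value escaped, one not."""
    ism = term.replace("'", "''")   # escaped (SQLite escapes a quote by doubling it)
    alpha = term[0]                 # first character of the term, pasted in raw
    sql = ("INSERT INTO googlism (ism,alpha,date,type) VALUES ('"
           + ism + "', '" + alpha + "', datetime('now'), '3')")
    db.execute(sql)


def insert_parameterized(db, term):
    """Values travel as bound parameters and are never parsed as SQL text."""
    db.execute(
        "INSERT INTO googlism (ism,alpha,date,type) "
        "VALUES (?, ?, datetime('now'), ?)",
        (term, term[0], "3"),
    )


def demo(term="'s-gravenzande"):
    """Run both inserts; return the concatenated outcome and the stored rows."""
    db = open_db()
    try:
        insert_concatenated(db, term)
        concat_result = "ok"
    except sqlite3.OperationalError as exc:
        # The raw quote in alpha ends the string literal early, as on the page.
        concat_result = "error: %s" % exc
    insert_parameterized(db, term)
    rows = db.execute("SELECT ism, alpha, type FROM googlism").fetchall()
    return concat_result, rows


if __name__ == "__main__":
    print(demo())
```

A term without a quote, such as the constructed input `Delft`, goes through both inserts, which is why the concatenated form can sit unnoticed until a name like this one arrives.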